Vanderbilt University Medical Center is facing a federal civil rights investigation after turning the medical records of transgender patients over to Tennessee’s attorney general, hospital officials have confirmed.
how is this not a HIPAA violation?
It likely fell under a permitted disclosure, as the AG stated they were pursuing a billing fraud investigation. Maybe still a case, if the disclosure was unnecessarily broad though.
Per Health and Human Services:
Health Oversight Activities. Covered entities may disclose protected health information to health oversight agencies (as defined in the Rule) for purposes of legally authorized health oversight activities, such as audits and investigations necessary for oversight of the health care system and government benefit programs.
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
wow, thanks for the very specific answer.
as always, cruelty is the point.
General bigotry.
It is a HIPAA violation, but the bigots say that trans people aren’t people, so HIPAA doesn’t apply. They fucked around and now just might find out. Sadly, they’ve already done a lot of damage be releasing this information.
This does not sound like a HIPAA violation to me. Records were released to the AG for a fraud investigation; whether or not this investigation is a sham or not I can’t tell, but legally that sounds within the scope of release. It’s only released to the AG and only for the purpose of whatever investigation. That’s likely why this isn’t being tried as a HIPAA violation and instead they’re suing.
Skrmetti’s office added that they chose to investigate after being tipped off in the summer of 2022 “that a VUMC doctor publicly described her manipulation of medical billing codes to evade coverage limitations on gender-related treatment.”
Again I’m not saying the initial accusation of fraud is just, but it seems perfectly normal to release medical treatment records to investigate a case of claims fraud.
The fraud case is likely the bigoted part, but I think they’re completely within the lines of HIPAA here.
Patients’ personal info was not redacted, the article says. That’s HIPAA territory.
Not if it’s for legal purposes and shared with only those who need to know.
You are correct that this is protected health information (PHI). It is not, however, a violation of HIPAA.
so fucked up
Wow and a half — everywhere I’ve worked in the health biz, even before HIPAA, patient confidentiality was the prime directive.
The article doesn’t even say there was a search warrant, only a request for records from Tennessee’s horrific Attorney General. If there was a legal demand for the records, it should’ve been fought, but instead the records were turned over pronto, with no redactions of personal information, and the patients weren’t notified until months later.
In a sane world, that would cost Vanderbilt a lot of millions of dollars, but I’ve looked at a map of the galaxy and you can’t get to a sane world from here.
Good jail the person who turn over the records.
jail time
Doesn’t matter. Even if they lose every penny the damage has already been done. These people should be punched or worse, not just fined.
Hope they suffer like a naked honey covered man on top of an ant hill.